Researchers discover new vulnerabilities that affect millions of routers, IoT and OT devices from more than 150 vendors.
A warning was issued by researchers and the U.S. Cybersecurity Infrastructure Security Agency about several vulnerabilities affecting the TCP/IP stacks. Millions of internet-of-things devices and embedded systems are affected.
Security researchers called these vulnerabilities Amnesia:33, based on the number of issues found and the fact that they mostly affect the device’s memory. Four of them are critical and facilitate a wide range of attacks, like:
- remote code execution
- information leak
- denial of service
- memory corruption
Researchers have previously found other TCP/IP issues, with related vulnerability sets Ripple20 and Urgent/11. Amnesia:33 affects multiple TCP/IP stacks that are not owned by a single company, making these vulnerabilities hard to patch. For protection, experts recommend disabling or blocking IPv6 traffic when unnecessary, relying on internal DNS servers as much as possible, and monitoring network packages for corrupted packets.
Check the source.
Read More
